On 18/05/2016 10:05 a.m., Yuri Voinov wrote: > > ..... and a bit below in squid.conf.documented we can see..... > > # SSL OPTIONS > # > ----------------------------------------------------------------------------- > > # TAG: sslproxy_client_certificate > # Client SSL Certificate to use when proxying https:// URLs > #Default: > # none > > # TAG: sslproxy_client_key > # Client SSL Key to use when proxying https:// URLs > #Default: > # none > > Ta-daaaaaaaa! > You are the one getting it wrong here Yuri :-( * clientca= is for listening ports. He wants that conectio to be cleartext. * sslproxy_* directives are for generic DIRECT connections. He wants a specific proxy<->server connection to be TLS authenticated. For the S<->B connection to use client certificates. cert= and key= on the cache_peer directive defining that link are correct. But there are twe other details that need to happen for it to work: * the server actually challenge for the proxies 'client' cert, and * the server trust the CA which signed that cert. The world of "not working" is a very big place. We need more details of *how* its not working in order to have any guideposts towards what the problem actually is. As Yuri used to say a lot, my psychic friend is on holiday. Amos > > 18.05.16 3:11, Robert W Weaver пишет: >> Greetings, squid users and devs, > >> I think this is usual, but I can't find examples, and I can't make it > work. :-) > >> The issue is I need to connect to a site that requires client > authentication. Don't want to put the key and cert on each individual > user, so instead want the key and cert on the proxy. > >> Diagram: > >> User A ---> Squid S ---> Server B >> ^ ^ >> | +-- TLS client authentication >> +-- cleartext okay > >> I'm able to bump, but the client authentication to server B isn't > working. Configured cert and key on S with ssl-bump cert= .. key= .. > but that isn't working. > >> Is this not possible? > >> --woody > > >> /-- >> "I used to wish the universe were fair. Then one day it hit me: What if >> the universe were fair? Then all the awful things that happen to us in >> life, would happen because we deserved them. So now I take great pleasure >> in the general hostility and unfairness of things." >> -- Marcus, on Babylon 5/ > > >> _______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users > > > > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
